Linux Security
See who's logged in
1) w    (more information)
2) who  (less information)
Disable remote logins for "root" account
1) Deactivate telnet daemon: sudo service telnet stop
1.5) Remove telnet daemon (unless REALLY needed): sudo apt-get remove telnetd
2) Disable root logins in ssh server (use nano or vi as root): edit /etc/ssh/sshd_config; find "PermitRootLogin" and set it to "no". Restart ssh: sudo service ssh restart
3) Disable all remote root logins in /etc/security/access.conf: add the line "- : root : ALL EXCEPT LOCAL" to access.conf
Disable toor account
a) Delete the account: sudo userdel toor
b) Disable (lock) the account: sudo usermod -L toor
c) Set toor's login shell to /usr/sbin/nologin (edit /etc/passwd; change the last field of toor's entry to /usr/sbin/nologin)
Enforce Password Length
Edit /etc/pam.d/common-password (with sudo). Append minlen=8 to the first line containing "pam_unix.so" (minlen is the pam_unix.so option name for the minimum password length). This enforces a minimum password length of 8 characters.
NOTE: can be set to any desired minimum length.
Create User Accounts
sudo useradd -m -G users,development,remote username
-m creates the home directory
-G adds the new user to the listed groups (users,development,remote)
Check Active Network Services
1) netstat (IPv4, listening sockets, show process name): sudo netstat -4lp
2) Check the Internet services daemon configuration: cat /etc/inetd.conf
Check Active Processes
1) ps -ex     Show processes for Everything, with eXtended info
2) pstree -a  Show processes in tree format, with Attributes
End suspect processes
1) kill PID          Ask the specified process to end nicely (sends SIGTERM)
2) kill -15 PID      Tell the process to end (signal 15 is SIGTERM, the same signal kill sends by default)
3) kill -9 PID       Tell the system to end the process (signal 9 is SIGKILL, which the process cannot catch or ignore)
4) sudo kill -9 PID  As root, tell the system to end the process (needed when the process belongs to another user)
chmod explained
chmod changes file privileges, written as identity, then + or -, then privilege.
Identities: User = u, Group = g, Other = o
Privileges: Read = r, Write = w, Execute = x
Examples: chmod u+x file; chmod g-w file; chmod o-wr file
chown explained
CHange OWnership, in user:group format.
Change /home/development to be owned by root:            chown root: /home/development
Change /home/development to be owned by the wheel group: chown :wheel /home/development
Change /home/yourfile to be owned by you, group users:   chown you:users /home/yourfile
Create a Shared File Folder
Create the folder and give it the following permissions (group ownership = development):
User, Group, Other: no execute
Other: no read or write
Group: read and write
mkdir /home/Development
chown -R :development /home/Development
chmod ugo-x /home/Development
chmod o-rw /home/Development
chmod g+rw /home/Development
Note that on a directory the x bit is the permission to enter (cd into) it, so after chmod ugo-x nobody can enter or list /home/Development; group members also need g+x on the directory to actually use the shared folder.
Log File Analysis
Logs are stored in /var/log/. Examples:
/var/log/messages  (generic messages)
/var/log/syslog    (kernel messages)
/var/log/auth.log  (authentication log)
auth.log records all login attempts: local, ssh, telnet, etc.
Reading log files
Dump to the screen:                                 cat /var/log/auth.log
Show entries in scrollable format:                  less /var/log/auth.log
Show last 10 entries:                               tail /var/log/auth.log
Show last ten entries, and any subsequent entries:  tail -f /var/log/auth.log
grep logfiles
Keyword searches on logfiles:
Show login attempts for kdewey:  grep 'kdewey' /var/log/auth.log
Show sudo uses:                  grep 'sudo' /var/log/auth.log
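As an added example (not part of the original slides), a small POSIX shell script that automates two of the checks above: reading the effective PermitRootLogin value from sshd_config (the "Disable remote logins for root" slide) and tallying failed logins and sudo uses from auth.log (the log analysis slides). It runs against constructed sample files; point the functions at /etc/ssh/sshd_config and /var/log/auth.log to audit a real host. The prohibit-password default assumed when no directive is set is that of modern OpenSSH.

```shell
#!/bin/sh
# Added example: audit helpers for the checks described on this page.
# Each function takes a file path, so it can run on the constructed samples
# below or on the real /etc/ssh/sshd_config and /var/log/auth.log (needs sudo).

# Effective PermitRootLogin: sshd uses the FIRST uncommented directive it finds.
# If none is set, OpenSSH defaults to prohibit-password (assumed modern version).
sshd_permit_root_login() {
    awk 'tolower($1) == "permitrootlogin" && !found { print $2; found = 1 }
         END { if (!found) print "prohibit-password" }' "$1"
}

# Failed password attempts per account, as "count user" lines.
# Handles both "Failed password for USER" and "... for invalid user USER".
failed_logins() {
    awk '/Failed password for/ {
             for (i = 1; i <= NF; i++) if ($i == "for") {
                 u = $(i + 1); if (u == "invalid") u = $(i + 3); c[u]++; break
             }
         }
         END { for (u in c) print c[u], u }' "$1" | sort -rn
}

# sudo invocations per user, as "count user" lines (the slide's grep 'sudo',
# narrowed to the syslog "sudo: USER : ..." records).
sudo_uses() {
    awk '{ for (i = 1; i <= NF; i++) if ($i == "sudo:") { c[$(i + 1)]++; break } }
         END { for (u in c) print c[u], u }' "$1" | sort -rn
}

# Constructed sample files so the helpers can be exercised offline.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/sshd_config" <<'EOF'
#PermitRootLogin yes
PermitRootLogin no
EOF
cat > "$SAMPLE_DIR/auth.log" <<'EOF'
Jan 10 09:12:01 host sshd[1234]: Failed password for root from 203.0.113.5 port 4321 ssh2
Jan 10 09:12:05 host sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 4322 ssh2
Jan 10 09:12:09 host sshd[1234]: Failed password for root from 203.0.113.5 port 4323 ssh2
Jan 10 09:13:00 host sshd[1240]: Accepted publickey for kdewey from 198.51.100.7 port 5000 ssh2
Jan 10 09:14:10 host sudo:   kdewey : TTY=pts/0 ; PWD=/home/kdewey ; USER=root ; COMMAND=/usr/bin/apt-get update
Jan 10 09:15:42 host sudo:   kdewey : TTY=pts/0 ; PWD=/home/kdewey ; USER=root ; COMMAND=/usr/sbin/service ssh restart
EOF

echo "PermitRootLogin: $(sshd_permit_root_login "$SAMPLE_DIR/sshd_config")"
echo "Failed logins:";  failed_logins "$SAMPLE_DIR/auth.log"
echo "sudo uses:";      sudo_uses "$SAMPLE_DIR/auth.log"
```

A commented-out directive is ignored and the first active one wins, which is the same rule sshd itself applies when reading sshd_config.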